Vendor CVEs
Mozilla Corporation
All CVEs
3,627 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2813 | Med | 0.42 | 6.5 | 0.01 | Apr 30, 2016 | Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a… | ||
| CVE-2016-1967 | Med | 0.42 | 6.5 | 0.02 | Mar 13, 2016 | Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and… | ||
| CVE-2016-1956 | Med | 0.42 | 6.5 | 0.02 | Mar 13, 2016 | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | ||
| CVE-2016-1523 | Med | 0.42 | 6.5 | 0.02 | Feb 13, 2016 | The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL… | ||
| CVE-2016-1938 | Med | 0.42 | 6.5 | 0.03 | Jan 31, 2016 | The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging… | ||
| CVE-2016-1933 | Med | 0.42 | 6.5 | 0.02 | Jan 31, 2016 | Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image. | ||
| CVE-2015-8511 | Med | 0.42 | 6.4 | 0.00 | Jan 9, 2016 | Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | ||
| CVE-2005-0587 | Med | 0.42 | 6.5 | 0.01 | Mar 25, 2005 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | ||
| CVE-2026-6762 | Med | 0.41 | 6.3 | 0.00 | Apr 21, 2026 | Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6757 | Med | 0.41 | 6.3 | 0.00 | Apr 21, 2026 | Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2025-3522 | Med | 0.41 | 6.3 | 0.00 | Apr 15, 2025 | Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the… | ||
| CVE-2025-2830 | Med | 0.41 | 6.3 | 0.00 | Apr 15, 2025 | By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive… | ||
| CVE-2019-11738 | Med | 0.41 | 6.3 | 0.01 | Sep 27, 2019 | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This… | ||
| CVE-2016-2837 | Med | 0.41 | 6.3 | 0.05 | Aug 5, 2016 | Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and… | ||
| CVE-2016-1975 | Med | 0.41 | 6.3 | 0.01 | Mar 13, 2016 | Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown… | ||
| CVE-2025-13013 | Med | 0.40 | 6.1 | 0.00 | Nov 11, 2025 | Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | ||
| CVE-2025-11712 | Med | 0.40 | 6.1 | 0.00 | Oct 14, 2025 | A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.… | ||
| CVE-2025-10536 | Med | 0.40 | 6.2 | 0.00 | Sep 16, 2025 | Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | ||
| CVE-2025-55033 | Med | 0.40 | 6.1 | 0.00 | Aug 19, 2025 | Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142. | ||
| CVE-2025-55032 | Med | 0.40 | 6.1 | 0.00 | Aug 19, 2025 | Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142. | ||
| CVE-2025-55030 | Med | 0.40 | 6.1 | 0.00 | Aug 19, 2025 | Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142. | ||
| CVE-2025-6430 | Med | 0.40 | 6.1 | 0.00 | Jun 24, 2025 | When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed… | ||
| CVE-2025-3859 | Med | 0.40 | 6.1 | 0.00 | Apr 30, 2025 | Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138. | ||
| CVE-2024-0953 | Med | 0.40 | 6.1 | 0.00 | Feb 5, 2024 | When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | ||
| CVE-2023-6867 | Med | 0.40 | 6.1 | 0.01 | Dec 19, 2023 | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to… | ||
| CVE-2023-49061 | Med | 0.40 | 6.1 | 0.00 | Nov 21, 2023 | An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | ||
| CVE-2023-5758 | Med | 0.40 | 6.1 | 0.00 | Oct 25, 2023 | When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. | ||
| CVE-2023-42808 | Med | 0.40 | 6.1 | 0.00 | Oct 4, 2023 | Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data… | ||
| CVE-2023-34415 | Med | 0.40 | 6.1 | 0.00 | Jun 19, 2023 | When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on… | ||
| CVE-2023-29540 | Med | 0.40 | 6.1 | 0.00 | Jun 2, 2023 | Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus… | ||
| CVE-2019-17003 | Med | 0.40 | 6.1 | 0.00 | Feb 16, 2023 | Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed. | ||
| CVE-2022-45418 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||
| CVE-2022-45413 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | Using the S.browser_fallback_url parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects… | ||
| CVE-2022-45411 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on… | ||
| CVE-2022-40956 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | ||
| CVE-2022-36316 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | ||
| CVE-2022-34475 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to… | ||
| CVE-2022-34474 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | ||
| CVE-2022-34473 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102. | ||
| CVE-2022-29912 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||
| CVE-2022-29911 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||
| CVE-2022-29910 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100. | ||
| CVE-2021-43544 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other… | ||
| CVE-2021-43543 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||
| CVE-2021-43532 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one… | ||
| CVE-2021-43530 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. | ||
| CVE-2021-29979 | Med | 0.40 | 6.1 | 0.01 | Aug 2, 2021 | Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634. | ||
| CVE-2021-29953 | Med | 0.40 | 6.1 | 0.01 | Jun 24, 2021 | A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating… | ||
| CVE-2021-29944 | Med | 0.40 | 6.1 | 0.01 | Jun 24, 2021 | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This… | ||
| CVE-2011-3656 | Med | 0.40 | 6.1 | 0.01 | Jun 2, 2021 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. |
- risk 0.42cvss 6.5epss 0.01
Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a…
- risk 0.42cvss 6.5epss 0.02
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and…
- risk 0.42cvss 6.5epss 0.02
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
- risk 0.42cvss 6.5epss 0.02
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL…
- risk 0.42cvss 6.5epss 0.03
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging…
- risk 0.42cvss 6.5epss 0.02
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
- risk 0.42cvss 6.4epss 0.00
Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
- risk 0.42cvss 6.5epss 0.01
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
- risk 0.41cvss 6.3epss 0.00
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.41cvss 6.3epss 0.00
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.41cvss 6.3epss 0.00
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the…
- risk 0.41cvss 6.3epss 0.00
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive…
- risk 0.41cvss 6.3epss 0.01
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This…
- risk 0.41cvss 6.3epss 0.05
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and…
- risk 0.41cvss 6.3epss 0.01
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown…
- risk 0.40cvss 6.1epss 0.00
Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.
- risk 0.40cvss 6.1epss 0.00
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.…
- risk 0.40cvss 6.2epss 0.00
Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- risk 0.40cvss 6.1epss 0.00
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.
- risk 0.40cvss 6.1epss 0.00
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142.
- risk 0.40cvss 6.1epss 0.00
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142.
- risk 0.40cvss 6.1epss 0.00
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed…
- risk 0.40cvss 6.1epss 0.00
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138.
- risk 0.40cvss 6.1epss 0.00
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
- risk 0.40cvss 6.1epss 0.01
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to…
- risk 0.40cvss 6.1epss 0.00
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
- risk 0.40cvss 6.1epss 0.00
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.
- risk 0.40cvss 6.1epss 0.00
Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data…
- risk 0.40cvss 6.1epss 0.00
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on…
- risk 0.40cvss 6.1epss 0.00
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus…
- risk 0.40cvss 6.1epss 0.00
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.
- risk 0.40cvss 6.1epss 0.01
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
- risk 0.40cvss 6.1epss 0.00
Using the S.browser_fallback_url parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects…
- risk 0.40cvss 6.1epss 0.01
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on…
- risk 0.40cvss 6.1epss 0.01
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
- risk 0.40cvss 6.1epss 0.00
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.
- risk 0.40cvss 6.1epss 0.00
SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to…
- risk 0.40cvss 6.1epss 0.00
Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.
- risk 0.40cvss 6.1epss 0.00
The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102.
- risk 0.40cvss 6.1epss 0.01
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
- risk 0.40cvss 6.1epss 0.01
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
- risk 0.40cvss 6.1epss 0.00
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100.
- risk 0.40cvss 6.1epss 0.01
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other…
- risk 0.40cvss 6.1epss 0.01
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
- risk 0.40cvss 6.1epss 0.01
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one…
- risk 0.40cvss 6.1epss 0.01
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94.
- risk 0.40cvss 6.1epss 0.01
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634.
- risk 0.40cvss 6.1epss 0.01
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating…
- risk 0.40cvss 6.1epss 0.01
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
Page 30 of 73